That looks to me like the console output rather than contents of the log file.
From your pastebin:
"Invalid response from http://olokos.pl/.well-known/acme-challenge/eVBDn6oy4VK4LYQJgfW7sE5BzbUmrG3lzeAuMphiSLY: \"\u003c!DOCTYPE html\u003e\n\u003chtml lang=\"en\"\u003e\n\u003chead\u003e\n \u003c!-- Simple HttpErrorPages | MIT License | https://github.com/AndiDittrich/HttpError\\"",\n "status": 403
Status code 403 is forbidden.
Have you placed a test.txt file in the acme-challenge folder?
Yes, I would remove letsencrypt and keep certbot.
As I mentioned above in
that test is only relevant for problems with --webroot, not with the recently-added functionality of --apache. @olokos is trying to use --apache, so the test method you suggested won't provide relevant diagnostic information in this case.
http://olokos.pl/.well-known/acme-challenge/TEST.TXT
It’s still accessible since you mentioned trying it out.
Hi, you could try adding --debug-challenges to your Certbot command line. This causes Certbot to pause the execution after it has deployed its challenge directives to your Apache configuration. The statements should take priority over the requests coming to /.well-known/acme-challenge paths, and serve those from under directory /var/lib/letsencrypt/http_challenges instead. While in this state, I would like you to:
- Confirm that the temporary Include statement was added to your <VirtualHost> configuration for the domain.
- That the correct validation token exists in /var/lib/letsencrypt/http_challenges
- That you are not able to access the challenge token URL yourself.
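The three checks listed above, as a shell script to run in a second terminal while Certbot is paused by --debug-challenges. This is an added example, not part of the original post or of Certbot; the function names and the script name are hypothetical, and the default paths (/etc/apache2, /var/lib/letsencrypt/http_challenges, le_http_01_challenge_pre.conf) are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example: run in a second terminal while
# `certbot --apache --debug-challenges` is paused.
# Paths are the ones quoted in this thread; function names are hypothetical.
APACHE_DIR=${APACHE_DIR:-/etc/apache2}
CHALLENGE_DIR=${CHALLENGE_DIR:-/var/lib/letsencrypt/http_challenges}

# Check 1: print config files holding the temporary challenge Include
# (le_http_01_challenge_pre.conf in this thread). Fails if none is found.
find_challenge_include() {
    grep -rlE '^[[:space:]]*Include[[:space:]]+.*le_http_01_challenge' "$1" 2>/dev/null
}

# Check 2: print the token file names certbot wrote. Fails if there are none.
list_tokens() {
    found=1
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        basename "$f"
        found=0
    done
    return "$found"
}

# Check 3a: build the URL to request for each token on a given host name.
token_urls() {
    list_tokens "$2" | while read -r token; do
        printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$token"
    done
}

# Check 3b: HTTP status code for one URL (needs curl and network access).
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}

# Run all checks for one host name and print a line per finding.
check_all() {
    find_challenge_include "$APACHE_DIR" || echo "no challenge Include under $APACHE_DIR"
    list_tokens "$CHALLENGE_DIR" >/dev/null || echo "no tokens in $CHALLENGE_DIR"
    for url in $(token_urls "$1" "$CHALLENGE_DIR"); do
        echo "$(fetch_status "$url") $url"
    done
}

# Usage (hypothetical script name): sh check_challenge.sh example.com
if [ "$#" -gt 0 ]; then check_all "$1"; fi
```

A token file that exists on disk while its URL returns 403 or 404 points at the Apache configuration (Include not loaded, or a rewrite or access rule taking priority) rather than at Certbot failing to write the file.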
Running Apache on CentOS 6, 2 hosts were failing certbot renewal with vague reference to dns problem. When the last successful renewal ran, there were incorrect IP addresses in “le-redirect-twilite.gsfc.nasa.gov” and another file. My solution was to run “certbot-auto revoke --cert-path /etc/letsencrypt/archive/twilite.gsfc.nasa.gov/cert7.pem” and then run “/usr/local/sbin/certbot-auto” again and re-entered the fqdn and webroot values.
Include /etc/apache2/le_http_01_challenge_pre.conf
2 files with random numbers and letters, they do look like a key
These tokens don't look like URLs so how would I go about accessing them?
Prefix them with http://olokos.pl/.well-known/acme-challenge/ and http://www.olokos.pl/.well-known/acme-challenge/ and then try to access them with a web browser and/or curl.
I just tried, and if I do http://olokos.pl/.well-known/acme-challenge/[tokennumbers] it returns a 404 error.
The issue still remains. Can anybody help?
Please show:
which certbot
sudo certbot --version
grep -Eri 'challenge|olokos|servername|serveralias|virtualhost|rewrite' /etc/apache2
Bumpingggggggggggggggggggggggggg
Hi there,
I have the same issue on a specific page here. All other pages on the same server work fine.
I tested it with the --debug-challenges parameter and it seems that certbot isn't able to or just doesn't create the file. (I created the acme-challenge directory with 777 permissions and checked that directory via browser while running certbot with the debug parameter.)
Here is my terminal-log with the additional -v parameter:
https://hastebin.com/equyuyeyig.makefile
Thanks a lot for your help in advance. I've been looking for a solution to this for over 3 hours now
Hi @webfreak
your directory works:
http://www.ifm.team/.well-known/acme-challenge/
But can you create a file there (name 123456789 without extension) and test, if the file works? There may be a redirect or rewrite rule.
I tried that.
Creating a file and opening it via a browser works.
But the certbot isn’t creating a file there. (the debug-challenges parameter was used to check at the stop it creates)